Hey again. Ok so I was following this chapter reasonably well untill i came to this practise:
=====================================================
MCSE press book 70-291
1) On computer2 delete any mapped drives or other connections to computer1
2) Log off computer 2
3) Unplug the network connection
'If the computer is not plugged into the network, it cannot obtain kerberos tickets;however, users who have previously authenticated to the domain will be able to log on. Even so they will not be able to use kerberos.'
4)From computer1, log on to the domain
5) Start kerbtray and note that there are no Kerberos tickets
6) Reconnect the network connection
7) Start network monitor capture on computer1
Map to the capture share on computer1. You should use the name of the computer in the path, in other words \\computer1\capture.
9) From the capture menu of network monitor, select stop and view and answer following; were you sucessfull?
=============================================================
Now, these are the questions in which I'm stumped:
5: Note that there are no kerberos tickets? Well, there are. The one created when i logged onto computer1!
6: Reconnect the network connection... I fail to understand why i unplugged in the first place! As after unplugging it, I didnt do anything with computer2 and now im just plugging it back in.
8: Map to capture share on computer1... does this mean from computer1 or 2? Because usaully it would say 'logon to computer2' before stating that.
However! The book states that NTLM should have been used, and by sure I found it in network monitor after browsing to the share from computer2.. but I dont understand why it didnt use kerberos to authenticate..sorry if i've missed something really stupid here, I feel i may have :X
